Hackers are spoofing Zoom domains to target remote workers
Written by James Orme Mon 30 Mar 2020

Spike in suspicious domain registrations containing the word Zoom
As more workers rush to adopt remote working technologies such as cloud-based teleconferencing or collaboration tools, cyber security companies have been quick to identify the ways in which hackers might exploit the situation to compromise users.
The latest company to do so is Check Point Software, whose researchers have penned a fresh blog post detailing how cyber hackers are taking advantage of surging demand for Zoom, conferencing software that has become a household name in recent weeks.
The cyber security company’s researchers explained how they have been monitoring the rise of a particular technique called spoofing which hackers deploy to seize personal data from unsuspecting users in phishing attacks. Spoofing refers to the process whereby hackers disguise a website url, phone number or email to make it look legitimate.
Check Point experts said they have tracked “a major increase” in new domain registrations with URLs that include the word ‘Zoom’, with a portion apparently taking advantage of the new mass of users looking to download the software.
Out of the 1700 new domains containing the word Zoom registered this year, 25 were created in the past week. Not all of these are necessarily worth worrying about, but the company deemed 4 percent “suspicious”.
The company said hackers are also distributing InstallCore packages that masquerade as Zoom installation files. InstallCore is an application bundle that secretly installs malicious applications or adware on user computers.
Zoom is not the only application being targeted by hackers. Check Point said it identified new phishing sites for “every leading communication platform” including Google Classroom, which URL, classroom.google.com, was impersonated by googloclassroom\.com and googieclassroom\.com.
Check Point listed a series of recommendations advising how users can avoid falling prey to these attacks. They include being cautious with emails and files received from unknown senders; not opening unknown attachments or links within them; being wary of lookalike domains and unfamiliar email senders; and ensuring goods are only ordered from authentic sources.
Written by James Orme Mon 30 Mar 2020